From abc389eaf807baeaf99a58027c6557cfea87863c Mon Sep 17 00:00:00 2001
From: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>
Date: Fri, 6 Sep 2024 19:31:42 +0530
Subject: [PATCH] feature:  Added global.image.imagePullSecrets config in
 values.yaml (#10820) (#10868)

Signed-off-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>
---
 charts/kyverno/Chart.yaml                                     | 2 ++
 charts/kyverno/README.md                                      | 1 +
 charts/kyverno/templates/admission-controller/deployment.yaml | 2 +-
 .../kyverno/templates/background-controller/deployment.yaml   | 2 +-
 charts/kyverno/templates/cleanup-controller/deployment.yaml   | 2 +-
 .../kyverno/templates/hooks/post-upgrade-clean-reports.yaml   | 4 ++--
 .../templates/hooks/post-upgrade-migrate-resources.yaml       | 2 +-
 charts/kyverno/templates/hooks/pre-delete-configmap.yaml      | 4 ++--
 charts/kyverno/templates/hooks/pre-delete-scale-to-zero.yaml  | 4 ++--
 charts/kyverno/templates/reports-controller/deployment.yaml   | 2 +-
 charts/kyverno/values.yaml                                    | 3 +++
 11 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml
index 3d20cb64f1..8adb331b28 100644
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@@ -37,6 +37,8 @@ annotations:
       description: Add a key to preserve configmap settings during upgrade
     - kind: added
       description: Make admission reports breaker threshold configurable
+    - kind: added
+      description: ImagePullSecrets made globally configurable
     - kind: removed
       description: Deprecated configuration `features.reports.chunkSize` was removed
 dependencies:
diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index 32c8cac00f..e2dbfc89f0 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -857,6 +857,7 @@ The chart values are organised per component.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | global.image.registry | string | `nil` | Global value that allows to set a single image registry across all deployments. When set, it will override any values set under `.image.registry` across the chart. |
+| global.imagePullSecrets | list | `[]` | Global list of Image pull secrets When set, it will override any values set under `imagePullSecrets` under different components across the chart. |
 | global.caCertificates.data | string | `nil` | Global CA certificates to use with Kyverno deployments This value is expected to be one large string of CA certificates Individual controller values will override this global value |
 | global.caCertificates.volume | object | `{}` | Global value to set single volume to be mounted for CA certificates for all deployments. Not used when `.Values.global.caCertificates.data` is defined Individual  controller values will override this global value |
 | global.extraEnvVars | list | `[]` | Additional container environment variables to apply to all containers and init containers |
diff --git a/charts/kyverno/templates/admission-controller/deployment.yaml b/charts/kyverno/templates/admission-controller/deployment.yaml
index 610e039eca..d145037ef8 100644
--- a/charts/kyverno/templates/admission-controller/deployment.yaml
+++ b/charts/kyverno/templates/admission-controller/deployment.yaml
@@ -39,7 +39,7 @@ spec:
       annotations: {{ tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
     spec:
-      {{- with .Values.admissionController.imagePullSecrets }}
+      {{- with .Values.admissionController.imagePullSecrets | default .Values.global.imagePullSecrets }}
       imagePullSecrets:
         {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
diff --git a/charts/kyverno/templates/background-controller/deployment.yaml b/charts/kyverno/templates/background-controller/deployment.yaml
index 11130e26b0..a532d3f846 100644
--- a/charts/kyverno/templates/background-controller/deployment.yaml
+++ b/charts/kyverno/templates/background-controller/deployment.yaml
@@ -32,7 +32,7 @@ spec:
       annotations: {{ tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
     spec:
-      {{- with .Values.backgroundController.imagePullSecrets }}
+      {{- with .Values.backgroundController.imagePullSecrets | default .Values.global.imagePullSecrets }}
       imagePullSecrets:
         {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
diff --git a/charts/kyverno/templates/cleanup-controller/deployment.yaml b/charts/kyverno/templates/cleanup-controller/deployment.yaml
index 5894a7f25e..6e7224d1e0 100644
--- a/charts/kyverno/templates/cleanup-controller/deployment.yaml
+++ b/charts/kyverno/templates/cleanup-controller/deployment.yaml
@@ -39,7 +39,7 @@ spec:
       annotations: {{ tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
     spec:
-      {{- with .Values.cleanupController.imagePullSecrets }}
+      {{- with .Values.cleanupController.imagePullSecrets | default .Values.global.imagePullSecrets }}
       imagePullSecrets:
         {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
diff --git a/charts/kyverno/templates/hooks/post-upgrade-clean-reports.yaml b/charts/kyverno/templates/hooks/post-upgrade-clean-reports.yaml
index 0aec49dd95..ea663e92b8 100644
--- a/charts/kyverno/templates/hooks/post-upgrade-clean-reports.yaml
+++ b/charts/kyverno/templates/hooks/post-upgrade-clean-reports.yaml
@@ -53,7 +53,7 @@ spec:
               done
 
               COUNT=$(kubectl get clusterpolicyreports.wgpolicyk8s.io --no-headers=true | awk '/pol/{print $1}' | wc -l)
-                
+
               if [ $COUNT -gt 0 ]; then
                 echo "deleting $COUNT clusterpolicyreports"
                 kubectl get clusterpolicyreports.wgpolicyk8s.io --no-headers=true | awk '/pol/{print $1}' | xargs kubectl delete clusterpolicyreports.wgpolicyk8s.io
@@ -64,7 +64,7 @@ spec:
           securityContext:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-      {{- with .Values.policyReportsCleanup.imagePullSecrets }}
+      {{- with .Values.policyReportsCleanup.imagePullSecrets | default .Values.global.imagePullSecrets }}
       imagePullSecrets:
         {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
diff --git a/charts/kyverno/templates/hooks/post-upgrade-migrate-resources.yaml b/charts/kyverno/templates/hooks/post-upgrade-migrate-resources.yaml
index 034bea6723..4f07b85029 100644
--- a/charts/kyverno/templates/hooks/post-upgrade-migrate-resources.yaml
+++ b/charts/kyverno/templates/hooks/post-upgrade-migrate-resources.yaml
@@ -107,7 +107,7 @@ spec:
           securityContext:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-      {{- with .Values.crds.migration.imagePullSecrets }}
+      {{- with .Values.crds.migration.imagePullSecrets | default .Values.global.imagePullSecrets }}
       imagePullSecrets:
         {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
diff --git a/charts/kyverno/templates/hooks/pre-delete-configmap.yaml b/charts/kyverno/templates/hooks/pre-delete-configmap.yaml
index 116fdc8485..69d5568dfe 100644
--- a/charts/kyverno/templates/hooks/pre-delete-configmap.yaml
+++ b/charts/kyverno/templates/hooks/pre-delete-configmap.yaml
@@ -83,8 +83,8 @@ spec:
         {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
       restartPolicy: Never
-      {{- with .Values.webhooksCleanup.imagePullSecrets }}
-      imagePullSecrets: 
+      {{- with .Values.webhooksCleanup.imagePullSecrets | default .Values.global.imagePullSecrets }}
+      imagePullSecrets:
         {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
       containers:
diff --git a/charts/kyverno/templates/hooks/pre-delete-scale-to-zero.yaml b/charts/kyverno/templates/hooks/pre-delete-scale-to-zero.yaml
index 94b24c5e58..6e96e455be 100644
--- a/charts/kyverno/templates/hooks/pre-delete-scale-to-zero.yaml
+++ b/charts/kyverno/templates/hooks/pre-delete-scale-to-zero.yaml
@@ -30,8 +30,8 @@ spec:
         {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
       restartPolicy: Never
-      {{- with .Values.webhooksCleanup.imagePullSecrets }}
-      imagePullSecrets: 
+      {{- with .Values.webhooksCleanup.imagePullSecrets | default .Values.global.imagePullSecrets }}
+      imagePullSecrets:
         {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
       containers:
diff --git a/charts/kyverno/templates/reports-controller/deployment.yaml b/charts/kyverno/templates/reports-controller/deployment.yaml
index afe41702ad..c28060f74a 100644
--- a/charts/kyverno/templates/reports-controller/deployment.yaml
+++ b/charts/kyverno/templates/reports-controller/deployment.yaml
@@ -32,7 +32,7 @@ spec:
       annotations: {{ tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
     spec:
-      {{- with .Values.reportsController.imagePullSecrets }}
+      {{- with .Values.reportsController.imagePullSecrets | default .Values.global.imagePullSecrets }}
       imagePullSecrets:
         {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index 9c4a0bfe75..09217d9c3c 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -11,6 +11,9 @@ global:
     # -- (string) Global value that allows to set a single image registry across all deployments.
     # When set, it will override any values set under `.image.registry` across the chart.
     registry: ~
+  # -- (list) Global list of Image pull secrets
+  # When set, it will override any values set under `imagePullSecrets` under different components across the chart.
+  imagePullSecrets: []
 
   caCertificates:
     # -- Global CA certificates to use with Kyverno deployments